The Costly Consequences of Cyberattacks: Lessons from MGM Resorts
Last month, MGM Resorts fell victim to a devastating cyberattack that not only cost the company $100 million but also exposed the personal information of its customers. This incident serves as a stark reminder of the importance of robust cybersecurity measures and the potential risks faced by businesses operating in sectors like retail, healthcare, professional services, and financial services.
A Profitable Target for Hackers
MGM Resorts, a renowned hospitality and entertainment giant, disclosed the cybersecurity issue on September 11, 2023. The attack impacted various aspects of the company’s operations, including its main website, online reservations systems, and in-casino services like slot machines, credit card terminals, and ATMs.
Following an investigation, it was revealed that the threat actor responsible for the disruption was an affiliate of the BlackCat/ALPHV ransomware gang known as Scattered Spider. These hackers utilized social engineering techniques to breach MGM’s network, steal sensitive data, and encrypt over a hundred ESXi hypervisors.
Disrupting Business Operations
The impact of the IT system outage caused by the cyberattack was significant, leading to disruptions across a broad range of MGM’s business operations. The company estimates a negative impact of approximately $100 million to Adjusted Property EBITDAR for the Las Vegas Strip Resorts and Regional Operations.
While the availability of bookings through the company’s website and mobile applications resulted in lower occupancy rates, the financial impact was mainly contained to the month of September, accounting for 88% of the negative impact.
In addition to the $100 million in earnings lost, MGM incurred less than $10 million in one-time expenses for risk remediation, legal fees, third-party advisory, and incident response measures. Fortunately, MGM expects to be fully covered by its cybersecurity insurance.
Protecting Customer Data
One of the most concerning aspects of the cyberattack was the theft of customers’ personal information. MGM warns that the threat actors managed to steal the personal details of customers who had transacted with the company before March 2019.
The exposed information includes full names, phone numbers, email addresses, postal addresses, gender, date of birth, driver’s licenses, Social Security Numbers (SSN), and passport numbers. However, MGM asserts that the incident did not expose customer passwords, bank account numbers, or payment card information.
In response, MGM is offering free credit monitoring and identity protection services to affected individuals. The company advises customers to remain vigilant against unsolicited communications and recommends reviewing account statements and monitoring credit reports to detect any signs of fraud or identity theft.
Addressing Your IT Challenges: Enhancing Security and Efficiency
As businesses operating in sectors where IT is crucial but not the primary focus, you understand the importance of robust IT management, cybersecurity, compliance, and operational efficiency. However, managing these aspects can be increasingly complex and time-consuming.
That’s where we come in. We offer comprehensive IT support services tailored to your specific needs. Our team of experts will handle your daily IT infrastructure management, ensuring smooth operations and minimizing downtime. We understand the importance of compliance with industry standards, and we will assist you in navigating the complex compliance rules specific to your sector.
When it comes to cybersecurity, we recognize the ever-evolving threats and the potential costs of non-compliance. Our cybersecurity services are designed to enhance your security posture, protect your sensitive data, and safeguard your reputation. We will work with you to develop a comprehensive information security program that aligns with your specific requirements and industry standards.
We value trust, accountability, and results. Our decisions are based on data, perceived value, and our proven track record. We understand the challenges you face in managing IT services internally and the need for external support to navigate the increasingly complex IT and compliance landscape.
Don’t let IT issues consume your time and resources. Focus on your core operations while we take care of your IT needs. Let us help you improve operational efficiency, enhance security, ensure compliance, and provide you with the peace of mind you deserve.
How did the Data Breach at Nickelodeon Compare to the MGM Resorts Ransomware Attack?
The nickelodeon intense investigation major breach raised concerns about data security in entertainment companies. While the MGM Resorts ransomware attack targeted sensitive data, the nickelodeon breach potentially exposed personal information of children. Both incidents highlighted the need for robust cybersecurity measures and brought attention to the vulnerability of digital platforms in safeguarding customer data.
Stay Safe Online: Protect Yourself Today
The cyberattack on MGM Resorts serves as a powerful reminder of the potential consequences of inadequate cybersecurity measures. As businesses operating in sectors where IT plays a crucial role, it’s essential to prioritize your security and take proactive steps to protect yourself.
Take the time to educate yourself and your team about cybersecurity best practices. Regularly update your software and systems, use strong and unique passwords, and be cautious of suspicious emails and links. Implement multi-factor authentication wherever possible and consider investing in cybersecurity training for your employees.
Remember, cybersecurity is an ongoing process. Stay informed about the latest threats and vulnerabilities and partner with trusted IT support providers who can guide you through the complexities of cybersecurity and compliance.
Together, we can create a secure and efficient digital environment for your business.
Stay safe online and explore our comprehensive IT support and cybersecurity services today.